goauthentik/authentik version/2025.12.5

Release 2025.12.5

on GitHub

See https://docs.goauthentik.io/docs/releases/2025.12#fixed-in-2025125

What's Changed

• website/docs: 2025.10.4 release notes (cherry-pick #20242 to version-2025.12) by @authentik-automation[bot] in #20250
• website/docs: 2025.12.4 release notes (cherry-pick #20226 to version-2025.12) by @authentik-automation[bot] in #20252
• website/docs: 2025.8.6 release notes (cherry-pick #20243 to version-2025.12) by @authentik-automation[bot] in #20256
• ci: fix binary outpost build on release (cherry-pick #20248 to version-2025.12) by @rissson in #20280
• website/docs: add okta source doc (cherry-pick #20296 to version-2025.12) by @authentik-automation[bot] in #20334
• root: do not rely on npm cli for version bump (cherry-pick #20276 to version-2025.12) by @authentik-automation[bot] in #20320
• ci: fix setup altering package-lock (cherry-pick #20348 to version-2025.12) by @rissson in #20355
• website/docs: Custom CSS (cherry-pick #19991 to version-2025.12) by @authentik-automation[bot] in #20286
• web: Fix locale selector in compatibility mode. (cherry-pick #19946 to version-2025.12) by @authentik-automation[bot] in #20088
• sources/saml: update handling statusmessage (cherry-pick #19739 to version-2025.12) by @authentik-automation[bot] in #20066
• website/docs: Fix broken link to flow executor (cherry-pick #20364 to version-2025.12) by @authentik-automation[bot] in #20369
• ci: pull latest changes before tagging new version (cherry-pick #20413 to version-2025.12) by @rissson in #20415
• website/docs: rac: update rac provider docs (cherry-pick #20225 to version-2025.12) by @authentik-automation[bot] in #20336
• stages/user_login: log correct user when session binding is broken (cherry-pick #20094 to version-2025.12) by @authentik-automation[bot] in #20452
• policies: measure policy process from manager (cherry-pick #20477 to version-2025.12) by @authentik-automation[bot] in #20480
• website/docs: fix GitHub social-login wording and capitalization (cherry-pick #20489 to version-2025.12) by @authentik-automation[bot] in #20504
• enterprise: add ES384 to enterprise license algorithms (cherry-pick #20507 to version-2025.12) by @authentik-automation[bot] in #20509
• endpoints: fix infinite recursion in stage with unsupported connector (cherry-pick #20485 to version-2025.12) by @authentik-automation[bot] in #20513
• website/docs: fix linux setup docs (cherry-pick #20508 to version-2025.12) by @authentik-automation[bot] in #20516
• providers/oauth2: deactivate locale after testing (cherry-pick #20518 to version-2025.12) by @authentik-automation[bot] in #20525
• policies: fix PolicyEngineMode ALL with static binding optimization (cherry-pick #20430 to version-2025.12) by @authentik-automation[bot] in #20523
• website/docs: remove bad logs redirect (cherry-pick #20522 to version-2025.12) by @authentik-automation[bot] in #20547
• internal: make http timeouts configurable (cherry-pick #20472 to version-2025.12) by @authentik-automation[bot] in #20566
• web/sfe: bug: polyfill needed to supply Object.assign() to IE11. (cherry-pick #20126 to version-2025.12) by @authentik-automation[bot] in #20136
• website/docs: kerberos: add note about caching (cherry-pick #20663 to version-2025.12) by @authentik-automation[bot] in #20665
• providers/proxy: move search path to query instead of runtime parameter (cherry-pick #20662 to version-2025.12) by @authentik-automation[bot] in #20692
• core: bump django from 5.2.11 to 5.2.12 (cherry-pick #20719 to version-2025.12) by @authentik-automation[bot] in #20737
• web/admin: Fix SCIM page_size UI issue (cherry-pick #20890 to version-2025.12) by @authentik-automation[bot] in #20928
• web/flows: add continuous flow 2025.12 by @BeryJu in #20362
• web/admin: fix missing OSM referrerPolicy header (cherry-pick #20984 to version-2025.12) by @authentik-automation[bot] in #20989
• flows: continous login debug 2025.12 by @BeryJu in #21044
• web/admin: handle non-string values in formatUUID to prevent Event Log crash (cherry-pick #20804 to version-2025.12) by @authentik-automation[bot] in #21051
• events: avoid implicitly setting context from login_failed event (cherry-pick #21045 to version-2025.12) by @authentik-automation[bot] in #21049
• docs: Add note on skipping object syncing (cherry-pick #20882 to version-2025.12) by @authentik-automation[bot] in #20893
• ci: fix escaping in cherry-pick action (#21082) by @BeryJu in #21084
• ci: rotate GH App private key (version-2025.12) by @BeryJu in #21086
• core: bump cbor2 from 5.8.0 to 5.9.0 (cherry-pick #21094 to version-2025.12) by @authentik-automation[bot] in #21095
• sources/ldap: fix exception in ldap debug endpoint (cherry-pick #21219 to version-2025.12) by @authentik-automation[bot] in #21220
• proviers/ldap: avoid concurrent header writes in API Client (cherry-pick #21223 to version-2025.12) by @authentik-automation[bot] in #21227
• website/docs: add example recovery flow with MFA (cherry-pick #19497 to version-2025.12) by @authentik-automation[bot] in #21304
• ci: allow setting working directory for setup action (2025.12) by @BeryJu in #21331
• root: fix compose generation for patch releases release candidates (cherry-pick #21353 to version-2025.12) by @authentik-automation[bot] in #21354
• providers/saml: Fix redirect for saml slo (cherry-pick #21258 to version-2025.12) by @authentik-automation[bot] in #21283
• web/flows: prevent leader tab deadlock in continuous login flow (cherry-pick #21583 to version-2025.12) by @authentik-automation[bot] in #21626
• core: bump django from v5.2.12 to 5.2.13 (cherry-pick #21520 to version-2025.12) by @authentik-automation[bot] in #21525
• providers/oauth2: don't auto-set redirect_uri (cherry-pick #21746 to version-2025.12) by @authentik-automation[bot] in #21749
• providers/oauth2: allow cross provider token introspection for federated providers (cherry-pick #21513 to version-2025.12) by @authentik-automation[bot] in #21747
• ci: fix postgres path for postgres 18 tests (2025.12) (#21767) by @BeryJu in #21788
• providers/oauth2: device code flow client id via auth header (cherry-pick #20457 to version-2025.12) by @authentik-automation[bot] in #21803
• providers/oauth2: clip device authorization scope against the provider's ScopeMapping set (cherry-pick #21701 to version-2025.12) by @authentik-automation[bot] in #21798
• providers/radius: fix message authenticator validation (cherry-pick #21824 to version-2025.12) by @authentik-automation[bot] in #21827
• web/packages: Rework SFE rendering (cherry-pick #21833 to version-2025.12) by @authentik-automation[bot] in #21851
• web: Fix duplicate Turnstile widgets after extended idle (cherry-pick #21380 to version-2025.12) by @authentik-automation[bot] in #21472
• root: update django to 5.2.14 (cherry-pick #22064 to version-2025.12) by @authentik-automation[bot] in #22065
• internal: fix lint (cherry-pick #22263 to version-2025.12) by @authentik-automation[bot] in #22306
• internal: Automated internal backport: GHSA-973w-j457-rp2m.sec.patch to authentik-2025.12 by @authentik-automation[bot] in #22281
• internal: Automated internal backport: GHSA-5wcc-hf24-rf5h.sec.patch to authentik-2025.12 by @authentik-automation[bot] in #22280
• internal: Automated internal backport: CVE-2026-41577.sec.patch to authentik-2025.12 by @authentik-automation[bot] in #22278
• internal: Automated internal backport: CVE-2026-40172.sec.patch to authentik-2025.12 by @authentik-automation[bot] in #22277
• internal: Automated internal backport: CVE-2026-40166.sec.patch to authentik-2025.12 by @authentik-automation[bot] in #22276
• internal: Automated internal backport: CVE-2026-40165.sec.patch to authentik-2025.12 by @authentik-automation[bot] in #22275
• internal: Automated internal backport: CVE-2026-42849.sec.patch to authentik-2025.12 by @authentik-automation[bot] in #22279
• website/docs: release notes for 2025.12.5 and 2026.2.3 (cherry-pick #22310 to version-2025.12) by @authentik-automation[bot] in #22311

Full Changelog: version/2025.12.4...version/2025.12.5